Wireless LAN Penetration Testing Course

Wireless Penetration Testing

Years ago, a friend of mine, Kimberly Graves and I had been teaching both CWSP and CEH courses. At the end of those courses, our students would ask to see our ‘instructor kit’. They wanted to have the bits that we used in class to show off Wireless Hacking.

Kimberly was the author to the Certified Ethical Hacker study guide, and I helped with the technical edits on that book. I was also a Certified Hacking Forensic Investigator and Licensed Penetration Tester trainer for EC Council at the time.

So to react to the market, we developed a Wireless Hacking Course… but couldn’t call it that – since some companies and government agencies wouldn’t fund training with the word ‘Hacking’ in the title.

So we called it “Wireless LAN Security Assessment Toolkit” – and it was a course than not only taught wireless hacking, but also came with all the parts one might have needed. Spectrum Analyzers, 5 WLAN NICs, access points, hand-held client devices, and all the software pre-configured, and finally, even a laptop to run it all on.

This was a wildly successful class in its time. 

Both Kimberly and I have moved on and now both work for vendors, Kimberly does Course Development and Training for Aruba, and I am now doing Expert Services for Ruckus.

A couple of weeks ago, I was asked if I had any materials on the flow of Wireless Penetration Testing…

So we thought it might be a good idea to take the materials we produced for the WLSAT course and release them to the public. We’re not releasing any copyrights… just allowing folks on the Wireless LAN Professionals website to download and use them for personal use.

Below is PDFs of the printed student materials included in the Wireless LAN Security Assessment Toolkit course. Yes, these are a couple of years out of date… but many of the concepts and techniques used are still valid today.

You can check out the old marketing web page with the details on the old course. We’ve included PDFs from each of the chapters, so you can download them one at a time if you’d like.


Here are the files for your perusal:

00 Student Kit and Classroom Setup.v7

01 wireless packet captures and conection analysis review.v7

02 Lab 2 Discovering, Locating, and Accessing WiFi Networks.v7

03 Sniffing and Capturing Data.v7

04 Encryption and Authentication Mechanisms.v7

05 Rogue Access Points and Client Hijacking.v7

06 Wireless Denial of Service Attacks.v6

07 Using a Wireless Instrusion.v7

08 Creative Advanced Attacks.v7

09 8oh2 custom linux script.v7

Appendix – Linux WLAN NIC Command Review

Appendix C – Linux Flash Cards v1.4.1


Wireless Penetration Testing Flowchart